I caught Look2Me, help! - Security - Windows & Software
Marsh Posté on 16-05-2006 at 23:25:54
Hi there,
1-2-3) Download Testor -> http://www.lutile.be/testor.zip
4) Choose "Save" and put it somewhere you will find it again
5) Right-click "Testor.zip", then click "Extract All" (if WinZip or WinRAR is installed on your computer, it may be "Extract To Folder" or "Décompresser vers le dossier...")
6) Open the extracted folder and double-click "Lisez-moi.txt"
7) Close "Lisez-moi" after reading it and double-click "Testor.bat"
8) Click "Run" --> A black window opens
9) Press "Enter" and type your first name, then "Enter"
10) Registry backup: accept (it takes a few seconds...)
11) Continue (it saves your settings in the "r4c10" folder)
12) Accept the optimization
13) Speed up XP --> Press "O"
14) Remove BHOs --> "N"
15) Repair a desktop hijacking --> "N"
16) Disinfect Winlogon --> "O" (if you are certain that no valid driver / software is configured in this key and that you really are infected by Look2Me)
17) Repair the "Host" file --> "O"
18) Remove CWS --> "O"
19) ... update --> "N"
20) ... security center --> "N"
21) Invisible processes with HijackThis? --> "O"
22) Download the latest version of HijackThis --> "O"
-------- Choose "Save" and put it somewhere you will find it again
23) Download AVG --> "N"
24) Cleanup --> "O"
25) Choose "Save" and put it somewhere you will find it again
26) Saving the network settings: accept
27) Boot loader: same
28) Back up the system exe files --> "O" and it scrolls by!
29) Removal of the spy: OK
30) Uninstall Windows Messenger --> "N"
30) Cleaning the Prefetch folder: OK
31) Started services: OK
32) Disabling indexing: OK
33) Close all windows
34) Launch HijackThis and choose "Do A System Scan And Save A Log File"
35) Post the log here...
Marsh Posté on 16-05-2006 at 23:52:13
Phew, your method is a marathon of a procedure, but thanks, I'll try it. However, how do I know whether a driver is lodged in Winlogon (what's that?)??
Marsh Posté on 17-05-2006 at 03:58:23
There, I did the procedure and here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 01:05:32, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\SEB\Logiciels et programmes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\irn4l55q1.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Marsh Posté on 17-05-2006 at 06:59:58
You are indeed infected by Look2Me and no driver is in your Winlogon....
Run HijackThis again and fix this line:
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
Run Testor again, refuse everything except the Winlogon disinfection!
Reboot and post a new log...
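Added example, not part of the original posts and not code from HijackThis or Testor: a small Python triage of the two kinds of log line the reply above acts on, the O4 Run entry whose file name imitates a system binary and the O20 Winlogon Notify entries. The function names, the list of system binaries and the notify-DLL allowlist are assumptions made for this sketch; the allowlist is built from the stock DllName values visible in the L2MFIX export later in this thread and is not exhaustive.

```python
import ntpath
import re

# Constructed sample: a few lines excerpted from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\irn4l55q1.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Assumption: a short list of Windows binaries whose names are commonly imitated.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "explorer.exe", "lsass.exe",
                "services.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}

# Characters that pass for another letter at a glance (capital I for lowercase l, etc.).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})

# Assumption: stock notify DLLs, taken from the L2MFIX export in this thread.
# Third-party software can register legitimate notify packages too.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "wlnotify.dll", "sclgntfy.dll"}

O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>.*?)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
# Program part of a Run command, quoted or not, possibly containing spaces.
EXE_RE = re.compile(r'"?(?P<exe>.+?\.(?:exe|com|scr|bat))\b', re.I)


def lookalike_of(exe_name):
    """Return the system binary that exe_name imitates, or None."""
    if exe_name.lower() in SYSTEM_NAMES:
        return None  # the genuine name, whatever its case
    skeleton = exe_name.translate(CONFUSABLES).lower()
    return skeleton if skeleton in SYSTEM_NAMES else None


def triage(log_text):
    """Return (section, entry name, reason) for each suspicious O4/O20 line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            program = exe["exe"] if exe else m["cmd"].split()[0]
            target = lookalike_of(ntpath.basename(program.strip('"')))
            if target:
                findings.append(("O4", m["name"], f"name imitates {target}"))
            continue
        m = O20_RE.match(line)
        if m:
            dll = ntpath.basename(m["path"]).lower()
            if not dll.endswith(".dll"):
                # HijackThis printed only a directory: the key has no usable DllName.
                reason = "notify key with no DLL path shown"
            elif dll not in KNOWN_NOTIFY_DLLS:
                reason = f"unlisted notify DLL {dll}"
            else:
                continue
            findings.append(("O20", m["name"], reason))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit from this check is a prompt to inspect the entry, not a verdict: as step 16 of the first post warns, a valid driver or program can also be registered under the Winlogon key.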
Marsh Posté on 17-05-2006 at 15:01:58
Here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 14:51:37, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\SEB\Logiciels et programmes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: Explorer - C:\WINDOWS\
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\kt26l7fs1.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Apparently no more Winlogon, despite its continuous and relentless attempts to put itself back into the registry...
Marsh Posté on 17-05-2006 at 15:11:33
No, it's still there...
1) Disable System Restore
2) Run Testor again, refuse everything except the Winlogon disinfection
3) Run HijackThis again and delete EVERYTHING found under "O20"
3) Install and run Cleanup
4) Reboot and post a new HijackThis log
Marsh Posté on 17-05-2006 at 19:47:05
Indeed, and it hasn't budged:
Logfile of HijackThis v1.99.1
Scan saved at 19:46:14, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\SEB\Logiciels et programmes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.142 86.64.145.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 84.103.237.142 86.64.145.142
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\
O20 - Winlogon Notify: Explorer - C:\WINDOWS\
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\q2rqlc951f.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Marsh Posté on 17-05-2006 at 20:00:16
Hello again...
Right... let's finish this off:
Download THIS fix: http://www.lutile.be/l2mfix.exe
Reboot in safe mode, extract the archive into a dedicated folder, run the fix (exe), choose option 1, post it on the forum (after the cleanup), then select option 2 right afterwards.
Reboot and post a new HijackThis log...
This time you'll be out of trouble...
Best regards,
Marsh Posté on 17-05-2006 at 20:37:40
L2MFIX log:
L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n6n60g5se6.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AF776177-9896-F86E-6829-70EE6D849068}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chane"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9"
"{40ED0C14-7173-46F9-BA5F-75F86E4347B5}"=""
"{6F5CE0A5-FC8C-4E41-A0C0-DED0170CB4DD}"=""
"{EF6F9335-9CAF-4B9C-89DD-CFCCC4EDB82F}"=""
"{5921CA39-D422-4A2D-B53C-B31EF5A4D629}"=""
"{308914D3-CD23-4756-89BA-F66D4ECFA8D4}"=""
"{C021D310-17B5-40AB-A689-1D8199799D7A}"=""
"{3A737A6C-F959-4D8F-BB4F-9CE55C4D60AF}"=""
"{0B8DAE7D-1449-4D8F-B5A9-6B1FE9B0DDAA}"=""
"{3C1B1DE9-81CD-4172-869F-D7B6B887B2FE}"=""
"{5A315C6E-142C-4286-B000-AD305024E3D8}"=""
"{2F5C7C75-CBE2-4B87-B759-3AE4CD9D1CCE}"=""
"{DCA5442D-08BF-4B1C-8322-8BBD9E725F1E}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B859E3F1-2635-4EAE-B6EC-67DF68834BDF}"=""
"{8B409043-6D7B-4913-BCCA-C8FC69661BCA}"=""
"{F30EA55E-5BCF-4961-9DB7-618D45B3EFEB}"=""
"{2A622A7F-9CCB-4E0F-B09E-92E6714DF392}"=""
"{48D45CF4-1976-4DCF-84F5-43AAA5FA1650}"=""
"{A5633E34-9E9C-414E-8486-6866DFBA5745}"=""
"{0FCD1E36-5389-4CB2-8547-53BB8EA7D5C5}"=""
"{15E3ECB9-B9EE-4FBF-8DFF-0D4FF465A490}"=""
"{CE2CDAE0-F366-4D93-99D7-197ABF099665}"=""
"{3857B3E1-99C6-4C1A-BD14-3BDE16906738}"=""
"{4AFFC771-A279-41E2-A046-EE20204369AF}"=""
"{3FB7FA9A-69B2-455C-9526-571B769F0125}"=""
"{1D42E081-68F1-4C85-8DF4-2CA0D9E9FA56}"=""
"{156B337D-AA28-4D21-BE5C-5DA98756E36D}"=""
"{B5962026-2F36-4708-A91F-7BF8AA7EBD14}"=""
"{A6327A16-78ED-486E-A698-B16C4FDCA363}"=""
"{338D4975-EC16-4B5E-B1A9-7E2D08FD2CEC}"=""
"{C9E6703C-AFE6-41D2-9F39-3975372448E4}"=""
"{EE81E5F8-5D4C-4534-B3CF-3D0A2B698367}"=""
"{A3941807-86EE-43F4-A759-A064DE9C1387}"=""
"{2A572CDA-2489-454C-A581-D0F5B9F9C292}"=""
"{BD014AE9-79A8-4D68-B635-9642433DAA31}"=""
"{71B1C00B-8C20-4AC5-9813-B0B293ACA2D9}"=""
"{0706798C-9923-47A6-8FAD-954F81864803}"=""
"{9FB1347A-0D64-465A-B5C8-527534259B71}"=""
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{60E4AA9A-735D-43A6-A539-AE5DC8AB3621}"=""
"{DB66F3A4-FF74-4177-833D-1FA3806F5789}"=""
"{8CF0CF58-DECD-47DC-9741-ED1721E89E1C}"=""
"{C9110B1B-E66A-481D-8EF4-4358F97E94BD}"=""
"{19496AC6-EF89-42C7-9BCC-2FE5EB238EE5}"=""
"{52DD4204-6651-4C74-956A-771D8D13CE7F}"=""
"{1F36DD07-0080-4B0D-914D-C5E2F5667109}"=""
"{1335A957-D769-4522-9C96-0B24AA124E0C}"=""
"{E5B8255F-5E78-44A0-857F-CBA835275804}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
nvwrssk.dll Fri 17 Mar 2006 9:31:00 A.... 299 008 292,00 K
nvwrssl.dll Fri 17 Mar 2006 9:31:00 A.... 303 104 296,00 K
nvwrssv.dll Fri 17 Mar 2006 9:31:00 A.... 294 912 288,00 K
nvwrstr.dll Fri 17 Mar 2006 9:31:00 A.... 303 104 296,00 K
nvwrszhc.dll Fri 17 Mar 2006 9:31:00 A.... 163 840 160,00 K
nvwrszht.dll Fri 17 Mar 2006 9:31:00 A.... 167 936 164,00 K
q6nulg~1.dll Wed 17 May 2006 4:17:10 ..S.R 234 226 228,73 K
rcsmans.dll Wed 17 May 2006 1:37:22 ..S.R 235 641 230,12 K
rdmps.dll Wed 17 May 2006 2:15:16 ..S.. 236 671 231,12 K
sldocvw.dll Wed 17 May 2006 20:22:36 ..S.R 234 742 229,24 K
sockspy.dll Sat 13 May 2006 1:25:20 A.... 73 728 72,00 K
spcurity.dll Wed 17 May 2006 14:41:04 ..S.. 236 671 231,12 K
tcpi.dll Tue 16 May 2006 13:40:14 ..S.. 234 256 228,77 K
uxrv42a.dll Tue 16 May 2006 16:21:52 ..S.. 237 188 231,63 K
x264vfw.dll Wed 17 May 2006 4:40:36 A.... 540 178 527,52 K
xcomm.dll Sat 13 May 2006 1:24:30 A.... 77 824 76,00 K
98 items found: 98 files (23 H/S), 0 directories.
Total of file sizes: 44 241 165 bytes 42,19 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4CFE-8C4C
Répertoire de C:\WINDOWS\System32
17/05/2006 20:22 234 742 SLDOCVW.DLL
17/05/2006 20:19 233 686 ir6ol5j31.dll
17/05/2006 18:51 233 686 nitman.dll
17/05/2006 18:45 234 742 n6n60g5se6.dll
17/05/2006 18:45 233 873 nptapi32.dll
17/05/2006 18:38 236 842 mXpi32.dll
17/05/2006 18:31 233 817 lpcdll.dll
17/05/2006 14:50 236 842 ifhlpapi.dll
17/05/2006 14:41 236 671 spcurity.dll
17/05/2006 04:17 234 226 q6nulg5916.dll
17/05/2006 02:15 236 671 rdmps.dll
17/05/2006 02:14 235 641 gpj6l31s1.dll
17/05/2006 01:37 235 641 rCsmans.dll
17/05/2006 00:19 235 594 apthz.dll
16/05/2006 20:29 236 689 irr0l59m1.dll
16/05/2006 19:14 237 127 gplql3351.dll
16/05/2006 18:09 234 139 kudycl.dll
16/05/2006 16:21 237 188 uxrv42a.dll
16/05/2006 13:58 236 827 ajsmsext.dll
16/05/2006 13:48 236 023 dcrgres.dll
16/05/2006 13:40 234 256 tCpi.dll
15/05/2006 23:13 235 888 asvapi32.dll
15/05/2006 21:10 235 888 ilaapi.dll
13/05/2006 21:52 <REP> dllcache
12/05/2006 16:53 <REP> Microsoft
23 fichier(s) 5 416 699 octets
2 Rép(s) 120 320 176 128 octets libres
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:34:36, on 17/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\SEB\Logiciels et programmes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 86.64.145.145 84.103.237.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A4D8267-0E37-4C95-8B1E-6F5659757339}: NameServer = 86.64.145.145 84.103.237.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\n6n60g5se6.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Still there, I get the impression... stubborn
Marsh Posté on 17-05-2006 at 20:50:52
Excellent... I love it...
1) In normal mode, run the fix again
2) Choose option 2
----> It reboots ON ITS OWN
3) If it doesn't do so automatically, run "second.bat"
4) Copy and paste these lines into a text file that you save as .reg:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
"TISA"=""
5) Disable / re-enable System Restore
6) Delete the file "gard.tmp" (if still present)
7) Run HijackThis again and fix the O20 lines (if still present)
8) Run Cleanup
9) Restart the machine and post a new HijackThis report...
Marsh Posté on 19-05-2006 at 00:11:54
Hi again,
Glad you're enjoying this; I won't hide that I'd just as soon see it gone as quickly as possible, but at least you're not giving up...
- The text file, where do I put it??
- Do I re-enable System Restore right afterwards?
- The gard file, where is it?
Marsh Posté on 19-05-2006 at 06:55:27
Once the text file is saved as .reg, you run it to add it to the registry...
After that, you can re-enable System Restore...
The file "guard.tmp" should be in the folder %windir%/system32/
Good luck,
Marsh Posté on 19-05-2006 at 18:32:40
OK, I think it's fine. I may have done something wrong, because I stopped at the fix and the fix's cleanup, and it carried out a whole bunch of operations that I didn't remember seeing before (or else I'm confusing it with another one...).
All that to say that apparently it's well and truly gone, but I'm leaving you the HijackThis log so you can confirm, just in case...
Thanks for the help.
Logfile of HijackThis v1.99.1
Scan saved at 18:24:44, on 19/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\SEB\Logiciels et programmes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\ADSL Olitec\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\SEB\Logiciels et programmes\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\SEB\Logiciels et programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with Star Downloader - C:\SEB\Logiciels et programmes\Star Downloader\sdie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7447463385
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Marsh Posté on 19-05-2006 at 19:03:26
Hi...
No more Look2Me; I've updated Testor...
You can still fix this line:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Run Cleanup again
and above all...
update your configuration!
See you around...
Marsh Posté on 16-05-2006 at 22:08:03
Hi everyone,
From what I've read, I think I've caught what's known as a real piece of s...; indeed neither S&D, nor Ad-Aware, SmitFraud and the like manage to get rid of it.
I wanted to try L2Mremover but it crashes during install (link?).
In short, I don't really know what to do anymore, so HELP!...
Thanks in advance.